The present invention relates to tamper resistant software system implementations, and more specifically, to the evaluation of the strength of tamper resistant software system implementations.
It is frequently desirable to provide software that is protected against tampering. Military software, music and move software, video games and software with embedded licenses are examples of software for which tamper resistance is frequently provided. As the music and movie industries begin to make digital content more widely available, they rely more heavily on tamper resistant software, which raises the importance in the effectiveness of these techniques.
As the value of software at risk of piracy increases, many new techniques for tamper resistant software have been introduced. With many different techniques available it would be desirable to have a way to evaluate the strength of these techniques based on the tamper-resistance of particular software implementations. However, a satisfactory strength evaluation scheme has not been available. As a result, it is difficult to make comparisons between multiple proposed tamper-resistance techniques.
One reason for a lack of evaluation tools is that many tamper resistance technologies rely on trade secrets. A detailed public evaluation of such secrets could decrease the strength of the technique by revealing important aspects of the technique to individuals intent on its circumvention.
Another reason for the lack of adequate software tamper resistance evaluation tools is that the strength of such a system is tightly linked to the particular implementation and the software which it is protecting. As a result, an evaluation of the strength of a technique for one implementation on a particular kind of software may be invalid for an implementation of the technique on different software.
Another impediment to evaluation of the effectiveness of tamper resistant software is that developing a team of knowledgeable personnel in-house with the skills to properly evaluate the software is cost prohibitive. Furthermore, many of these software developers are reluctant to release their software to outside evaluation out of fear of leaking their intellectual property.